This sentiment builds on the results of last year’s survey, which found that business leaders across industry groups and in countries around the globe were feeling slightly more concerned, overall, about the risk environment. In comparison, respondents to the 2015 survey indicated that they had a more optimistic outlook about the future.

Of course, many changes and events have occurred over the past two years to cause business leaders to feel more uncertain about the risk landscape. These factors, outlined in the 2017 survey report, include the impact of the Brexit vote in the United Kingdom, polarization surrounding the recent U.S. presidential election, increased volatility in commodity markets, terrorist events, asset bubbles in China, continued discussion about fair wages and income equality, and ongoing instability in the Middle East.

Key findings from the 2017 survey include the following:

Respondents outside of the United States are signaling greater concern about the overall risk environment in 2017, compared to their U.S. counterparts.

Even though there is heightened overall concern about elevated risks, the survey findings suggest most organizations are not likely to devote additional time and resources to risk identification and risk management over the next 12 months.

Half of the top 10 risks are operational risks. Three relate to strategic risk concerns and two relate to macroeconomic issues — specifically, worries about economic conditions and the volatility of financial markets. These two macroeconomic concerns were among the risk areas that saw the greatest increase in risk ratings from 2016.

Overview of the top six risks for 2017

So, which risk areas are weighing most on the minds of business leaders this year? Here’s a look at the top six risks for 2017, according to research from Protiviti and North Carolina State University’s ERM Initiative, along with some select analysis from the survey report:

1. Economic conditions in markets that organizations currently serve may restrict their growth opportunities

This risk moved into the top spot this year after ranking second in 2016. CEOs and CFOs who participated in the latest survey ranked this as their top concern for 2017. Seventy-two per cent of all respondents rated it a “significant impact” risk, compared to 60 per cent in last year’s survey.

Consumer products and services (CPS) companies and manufacturing and distribution (M&D) businesses cited economic conditions as the number-one risk area for their organizations this year. The survey report says CPS executives are concerned about, among other things, increasing global competition and growing options for consumers to obtain products and services from a broad range of companies both within and outside of their industry group.

As for M&D businesses, economic concerns in focus include rising global debt and anticipated market changes and challenges due to events such as the Brexit vote. In addition, as the new U.S. administration’s trade policies take shape, they are creating uncertainty for M&D companies in the United States and other countries.

2. Regulatory change and scrutiny may heighten, noticeably affecting the manner in which companies deliver their products or services

Regulatory risk ranked first in all four prior surveys conducted by Protiviti and North Carolina State University’s ERM Initiative. Even though it has dropped to second place in 2017, it continues to represent a major source of uncertainty for most executives surveyed. The report notes that “companies continue to have significant anxiety that regulatory challenges may affect their strategic direction, how they operate and their ability to compete with global competitors on a level playing field.”

Executives at companies in the financial services, healthcare and life sciences, and energy and utilities industry groups identified regulatory risk as the top concern for their businesses in 2017.

3. Organizations may not be sufficiently prepared to manage cyberthreats that have the potential to significantly disrupt core operations and damage their brand

All modern businesses are technology businesses, to some degree. Digitization advances, cloud computing adoption, mobile device usage and other technology trends are evolving faster than companies’ security protections. The growing number of high-profile data breaches and cyberattacks in recent years has many executives realizing that a disruptive cyber incident that can negatively impact their organization and its brand reputation is not a matter of if, but when.

As the survey report explains, “the apparent level of sophistication of perpetrators and the significant impact of a breach [has] more organizations … recognizing that this risk is an enterprise security issue, not just an IT security issue.” The report also projects that “cyber is likely to never leave the stage as a top risk” because businesses will become only more reliant on technology over time for their daily operations as well as for executing their global strategies.

Of note, this risk topped the list for chief audit executives who responded to the 2017 survey. However, interestingly, chief technology executives did not even include this risk among their top five.

4. Rapid speed of disruptive innovations and/or new technologies may outpace organizations’ ability to compete and/or manage the risk appropriately, without making significant changes to their business models

Three of the six industry groups examined in the 2017 survey view this risk area as a “significant impact” risk. Not surprisingly, perhaps, this risk tops the list for technology, media and communications companies. These businesses are under intense and constant pressure to innovate so they can maintain a competitive advantage and keep their customers loyal.

Customers and employees are only expanding their use of mobile applications and devices, social media, and cloud computing. As they do, it is becoming increasingly difficult for businesses to manage user privacy and identities, and to protect their data and systems. The Internet of Things will exacerbate these challenges as devices become more interconnected and generate and share more data.

Executives with CPS companies and healthcare and life sciences firms — organizations that handle a great deal of sensitive user data — expressed the most concern about this risk in the year ahead. Financial services companies also manage highly sensitive customer and financial data, yet their executives did not rank this risk among the top five for their industry group this year.

For more on this topic, see Protiviti’s latest Security and Privacy Survey, available here.

This is the fifth consecutive year that this risk has appeared in the overall top 10 list in the survey. M&D companies and healthcare and life sciences firms ranked it among their top five concerns for this year. Chief audit executives also identified this area as one of the top five risks for their organizations.

Changing workforce demographics, slower economic growth, intensifying customer demands and growing complexity in the global marketplace are all factors contributing to employers’ challenges in acquiring, developing and retaining talent. Trends such as globalization, digitization and increasing mobility are also creating a need for employers to alter their talent management strategies. The report notes, “Companies in some industries must now access talent pools globally to obtain the specialized knowledge and technical know-how they need.”